Platform

Unify HRM Overview

Platform

Capabilities

Identify: Human Risk Operations Center (HROC)
Dashboards

Power Insights

Benchmarks

Protect: Action Plans
Nudges: Communications & Employee Scorecards

Training: Risk Based SAT and Phishing

Orchestration: Policy Playbooks

Report: Human Risk Index (HRI)
Employee Scorecards

Manager Reporting

Board and Executive Reporting

Bundles

Unify Go
Start your journey to HRM here.

Monitor risk by:

Security Training Compliance

Phishing and Email

Unify Enterprise
Covers risk in Unify Go and adds:

Malware & Ransomware

Data Loss

Account Takeover

Featured Resources

Living Security Blog
What is Attack Surface Management?
link

Living Security Blog
Why Your Team Should Have A Business Continuity Plan
link
Solutions

Solutions Overview

Solutions

By Role

CISO
Provides CISO’s, executives, and boards a complete picture and prioritization of workforce risk by type, department, location, and more.
link

Security Awareness Team
Go beyond training completion and phishing click rates and proactively safeguard your organization from human-induced security incidents.
link

GRC
Identify, resolve and track commonly violated policies with granular accuracy to lower risk and improve workforce compliance.
link

SOC/IR
Unleash the true potential of your human firewall with data-driven insights and action plans that curb threats before they become incidents.
link

By Risk

Training Compliance
Monitor training compliance status for users and segments across the enterprise.
link

Phishing & Email
Identify the users most and least at risk to social engineering attacks and protect them.
link

Malware & Ransomware
Proactively protect users from malware including viruses, worms, Trojan viruses, spyware, adware, and ransomware.
link

Data Loss
Pinpoint when data is at risk of leaving your controlled environment through unauthorized access or malicious intent.
link

Identity Threats
Get visibility into the most susceptible users for account compromise and mitigate their risk.
link
Products

Products

Products Overview
Transform how your organization approaches Security Awareness and Training by shifting to a proactive HRM approach that creates a strong culture of security.

Living Security Blog
What is Attack Surface Management?
link

Unify Human Risk Management
Establish a proactive security loop.
Security Awareness Training
Interactive compliance training for modern threats.
CyberEscape Rooms
Put your team in the center of security scenarios
Cybersecurity Awareness Month
Create a cyber vigilant workforce in October
Cybersecurity Engagement Training Go beyond compliance training Phishing
Stop social engineering attacks in their tracks with realistic simulations and training
across phishing, vishing, smishing, and more.
HRM

HRM

Human Risk Management: Proactive Security
Human Risk Management (HRM) is the process of identifying, assessing, and mitigating risks associated with human behavior in relation to an employee's use of technology.
HRM Maturity Model
How far is your company along the path to true proactive security?

Living Security Blog
What is Attack Surface Management?
link
Resources

Resources

Resources
Level up on Human Risk Management with a comprehensive collection of webcasts, whitepapers, ebooks, and more.
Blog
Access hundreds of informative blogs with deep dives and best practices relating to the full array of cybersecurity risks we face.
Webinars
Watch dozens of webinars tackling some of cybersecurity’s biggest challenges featuring thought leaders from leading organizations.
Case Studies
See how a variety of organizations utilize Living Security’s HRM Platform, Training, and Phishing to reduce risk with proactive defense.

Partners
Human Risk Management Powered by Partners.
Technology Alliance Program
Extend the value of your offering with HRM.
Partner Support
Unlock your potential with our partner hub.

Living Security Community Share HRM best practices Newsroom Read the latest news on Living Security. Support
The more you know, the more you grow.
Why Living Security
Establish a proactive security loop.
Start Now

February 20, 2024

Navigating Processes for a Secure Future

Cybersecurity risks encompass not only rogue codes but also human vulnerabilities, emphasizing the importance of employee risk management in contemporary settings. With that in mind, the Human Risk Management (HRM) Maturity Model has emerged as a lighthouse guiding organizations to safer shores.

The three primary elements of the HRM Maturity Model are Culture, Technology, and Process. We have covered Culture and Technology in previous posts, but Process is often the most elusive of the three. It’s easy to understand that Technology is the foundation, and because the focus is on Human Risk, it’s easy to connect the dots with Culture. Process, however, is crucial. It is the chain that connects the two.

Let's explore the dynamics of process within the HRM Maturity Model, focusing on its core components: Functional Structure, Program, and Metrics.

Functional Structure: The Spine of the Operation

Initial Stage: The Nomadic Phase

In the initial stage, Human Risk Management (HRM) is a vagabond, settling temporarily in departments like Compliance, IT, or HR. This stage often resembles an unorganized marketplace, where everyone is aware of the need for security but isn't quite sure who should be the vendor.

Managed Stage: Founding the Citadel

Here a full-time team dedicated to HRM is formed, typically reporting to IT or Security. Think of it as moving from tents to a fortified citadel where there's more organization and better-defined roles.

Defined Stage: The Interconnected City

In this stage, the citadel expands into a city, with roads connecting to other critical departments like IT, risk management, and even high-level executives. The CISO is the mayor, whose support provides the city (the HRM program) the budget and multi-disciplinary strength it requires.

Optimized Stage: The Metropolis

At this stage, the city grows into a bustling metropolis complete with skyscrapers representing different metrics and tools that guide the HRM initiatives. The budget expands, new specialized roles emerge, and senior leaders are brought in to drive the strategy.

Innovating Stage: The Smart City

The budget and initiatives at this stage are futuristic and data-driven. The CISO is no longer just a mayor but also an evangelist, making the value of the HRM program clear across the entire organization.

Program: From A One-Man Band to a Symphony

The anecdotal evolution from nomadic wanderers to advanced smart cities aside, the Process component of HRM also matures over time to include a wider range of roles and individuals.

When an organization first starts its HRM journey, training programs tend to be one-size-fits-all, meeting the bare minimum of compliance requirements.

As the program matures, training becomes job-specific, and elements like performance scores in training modules are introduced. Eventually, access to behavioral data is introduced, enabling targeted interventions based on individual risk profiles. As the HRM process grows, technology allows for proactive, targeted interventions based on comprehensive data analysis.

The pinnacle is when the program becomes predictive, using sophisticated data models to preemptively identify risks.

Metrics: From Checkmarks to Dashboards

Initial to Defined Stages: The Scorecard

Metrics in the initial stages are like a basic scorecard, simple and focused on tick-boxes such as course completions and engagement rates.

Optimized and Innovating Stages: The Dashboard

As the program matures, the metrics evolve into a comprehensive dashboard that measures various facets of employee risk. Metrics are now not just about what is, but also about what could be, offering predictive insights into future risks.

Ensure the Chain Is Strong

As organizations mature in their approach to Human Risk Management, they transition from being a small, scattered village to a planned, sprawling metropolis. They move from lone individuals to an intricate collaboration. And they evolve from using a rudimentary scorecard to a sophisticated, predictive dashboard.

The goal is to reach a stage where human risk is not just managed but optimized, contributing to both the security and the performance of the organization. This journey, marked by sophisticated employee risk management strategies, is complex. Yet, the Human Risk Management Maturity Model serves as a vital roadmap, guiding organizations through the multifaceted landscape of managing and optimizing employee risks.

It is not just about meeting compliance requirements or ticking boxes; it's about creating a culture where security is integrated into the very fabric of the organization.